github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-15 01:23:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bettercap/modules/net_sniff_http.go
evilsocket c98191c43e new: http parser
2018-01-10 03:06:05 +01:00

42 lines
912 B
Go
Raw Blame History

package modules
import (
"fmt"
"github.com/evilsocket/bettercap-ng/core"
"regexp"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)
var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := tcp.Payload
dataSize := len(data)
if dataSize < 20 {
return false
}
m := httpRe.FindSubmatch(data)
if len(m) != 4 {
return false
}
url := fmt.Sprintf("http://%s", string(m[3]))
if tcp.DstPort != 80 {
url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
}
url += fmt.Sprintf("%s", string(m[2]))
fmt.Printf("[%s] %s %s %s %s\n",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP),
core.W(core.BG_LBLUE+core.FG_BLACK, vURL(string(m[1]))),
core.Yellow(url))
return true
}
Reference in a new issue View git blame Copy permalink